<?php
include("../../tools/session.php");
include("../../tools/controls.php");
include("../../tools/pub.php");

// Access gate: stop here when the login check failed or the permission check fails.
// $is_login_success, session_hop_page() and power_check() come from the includes above.
if ($is_login_success !== true)
{
   // Not logged in: hand off to ../index.php and end the request.
   session_hop_page("../index.php");
   exit();
}
if (!power_check(0))
{
   // Logged in but power_check(0) refused: render the no-power template and end the request.
   include("tpl-inc-wp.php");
   $tpl->display($oa_tpl_path . "/no-power.html");
   exit();
}

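/*-- Page logic: dispatch on the posted page_status --*/
// page_status missing/empty -> render the management page
// page_status == 1         -> emit the company list as XML
// page_status == 2         -> update one company's `power` column
// isset() guard avoids an undefined-index notice when the page is opened with a plain GET.
$page_status = isset($_POST["page_status"]) ? $_POST["page_status"] : null;
if (!$page_status)
{
   include("tpl-inc-wp.php");
   $tpl->display($oa_tpl_path . "/default/company_power.html");
}
// List companies
elseif ($page_status == 1)
{
   include("../../tools/mysql.php");
   db_connect();

   header("content-type: text/xml");
   echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
   echo "<company>\n";

   // Original author's rule: a user must not set the power of themselves or of their own
   // group/company/department, only of staff they manage.
   // NOTE(review): the query variant that excluded $_SESSION["user"]["company_id"] was
   // disabled by the author, and the update branch below does not compare cid with the
   // caller's own company either. Confirm where (or whether) this rule is enforced.
   $sql = "SELECT company_id, name, zh_name, power FROM company WHERE company_id<>0 ORDER BY company_id ASC";
   $re = db_query($sql);

   // Database values are data, not markup: escape the XML metacharacters so a company
   // name containing & or < cannot break or restructure the document.
   $xml_from = array("&", "<", ">");
   $xml_to = array("&amp;", "&lt;", "&gt;");

   // Skip the loop when the query did not return something iterable, so a PHP warning
   // is not written into the middle of the XML response.
   if (is_array($re) || $re instanceof Traversable)
   {
      foreach ($re as $v)
      {
         echo "<item>\n";
         echo "<id>" . str_replace($xml_from, $xml_to, $v["company_id"]) . "</id>\n";
         echo "<name>" . str_replace($xml_from, $xml_to, $v["name"]) . "</name>\n";
         echo "<zhname>" . str_replace($xml_from, $xml_to, $v["zh_name"]) . "</zhname>\n";
         // A literal "]]>" inside the value would close the CDATA section early; split it.
         echo "<power><![CDATA[" . str_replace("]]>", "]]]]><![CDATA[>", $v["power"]) . "]]></power>\n";
         echo "</item>\n";
      }
   }

   echo "</company>\n";
}
// Update a company's power
elseif ($page_status == 2)
{
	include("../../tools/mysql.php");
	db_connect();

	// NOTE(review): no anti-CSRF token is checked in this file for this state-changing
	// POST. Confirm whether session.php / controls.php enforce one.
	$cid_raw = isset($_POST["cid"]) ? $_POST["cid"] : "";
	$power = isset($_POST["power"]) ? $_POST["power"] : "";

	// cid is placed in the WHERE clause as a bare numeric literal, so only a short run of
	// decimal digits is accepted (at most 9, which also fits a 32-bit int). Both fields
	// must be plain strings; array-valued POST fields are rejected.
	$input_ok = is_string($cid_raw)
		&& is_string($power)
		&& preg_match('/^[0-9]{1,9}$/D', $cid_raw) === 1;
	$cid = $input_ok ? (int) $cid_raw : 0;

	$log_str = array("公司（ID: " . $cid . "）权限修改成功！", "公司权限修改失败！");

	$ok = false;
	if ($input_ok)
	{
		// NOTE(review): addslashes() is a stop-gap, used because the binding/escaping API
		// of the db_exec() helper is not visible from this file. It is only adequate with a
		// single-byte or UTF-8 connection charset and default backslash escaping. Replace it
		// with bound parameters (or the driver's own escaping) in ../../tools/mysql.php, and
		// validate $power against its expected format once that format is documented.
		$sql = "UPDATE `company` SET `power`='" . addslashes($power) . "' WHERE company_id=" . $cid;
		$ok = db_exec($sql);
	}

	// Rejected input takes the same failure path as a failed UPDATE; this presumably
	// selects the second message in $log_str (verify in check_status_write_to_log()).
	echo check_status_write_to_log($ok, $log_str, FALSE);
}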
?>
